123[.]7z | Triage

Sharing

General

Target

123.7z
Size

591KB
MD5

f984ee4a0425f3dcb14e7cf68c0b1b57
SHA1

701d0eadbc65e9137f9f9c2be5ddae943c6739ca
SHA256

c73c97888e824a509cc8dbd8d01e61481797ac4eb13f3f3864d6d795dca8d234
SHA512

bb7daa02a371ceda0845069a38a634ac0166d5baf70bae214f360b70ea4c8d20d194f0e0bc2887a5f18e08ce4f337953bfbe3929168e370b28a55a4475690925
SSDEEP

12288:pq9wEiCbvpUPwWronZ2OO4vdqRXnTggIQHTMYHciJU8PUzfknZKRuE/SXyhH:pREvUYZhblqNEgIITNHVJU88TRueAu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Hamedal AW-A20承认书-中性包材承认书/Hamedal AW-A20承认书-中性包材承认书.exe

Files

123.7z
.7z

Password: infected
Hamedal AW-A20承认书-中性包材承认书.rar
.rar

Password: infected
Hamedal AW-A20承认书-中性包材承认书/Hamedal AW-A20承认书-中性包材承认书.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 628KB - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ